| Summary: | <www-client/lynx-2.8.8_rc1: Does not verify that the server's certificate is signed by a trusted certification authority (CVE-2012-5821) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | radhermit |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5821 | | |
| Whiteboard: | B4 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2012-11-05 17:40:45 UTC
CVE-2012-5821 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5821): Lynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to improper use of a certain GnuTLS function.

Arches, please stabilize:
=www-client/lynx-2.8.8_rc1
Target arches: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

Stable for HPPA.

amd64 stable

ppc stable

ppc64 stable

alpha stable

x86 stable

sparc stable

arm stable

ia64 stable. Maintainer(s), please cleanup. Security, please vote.

GLSA vote: no

GLSA vote: no

Waiting for cleanup

(In reply to Sergey Popov from comment #13)
> Waiting for cleanup

Done.

Maintainer(s), Thank you for cleanup!